Epic Games unhappy with Google’s disclosure of ‘Fortnite’ launcher vulnerability

Epic Games recently addressed a vulnerability in the Android launcher for Fortnite that would have allowed hackers to slip malware onto users’ devices, and though players should no longer have to fear any issues, Epic isn’t too happy with the way Google handled the problem.

The vulnerability was detailed on Google’s Issue Tracker service, and stems from users being able to swap out the genuine Android Package — or APK — with a false one if it is given the same package name. This opens the door for a malicious program to be installed onto phones without players’ consent.

The vulnerability was reported on the service on August 15 and was subsequently patched a day later, and Epic requested that Google not disclose it for 90 days in order to give the company more time to update users’ devices. Google did not comply with this request, which could have given hackers enough time to exploit the issue before a patch was rolled out.

Though he praised Google’s effort to check for potential security issues in Fortnite on Android, Epic Games CEO Tim Sweeney told Android Central that it was “irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.”

Sweeney seemed to imply that Google’s decision was made in response to Epic not releasing the game through Google Play as well.

“Google’s security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic’s distribution of Fortnite outside of Google Play,” Sweeney said.

Fortnite only recently came to Android after previously being available on PC, Mac, Xbox One, PlayStation 4, Switch, and iOS. The decision to avoid the Google Play store was made in order to avoid paying a 30 percent revenue cut to Google on in-game purchases. With Fortnite pulling in tens of millions of players, it’s hard to blame Epic Games for wanting to do things its own way, but we hope it takes more steps to keep users and their systems safe in the future.

Related Articles

Though 2016 was once described as the “year of VR” because that’s when consumer headsets became available, 2019 will be the year virtual reality actually goes mainstream — at least, that’s the prediction of Nielsen-owned SuperData Research, which today released its XR Market Update for 2018’s third quarter 2018. But by 2021, the firm expects […]

Kingdom Hearts III, the highly anticipated new entry in the beloved Square Enix and Disney crossover franchise, is out in the wild, with copies leaked over a month before the game’s January 29, 2019 release date. Somehow, somebody acquired the Xbox One version of Kingdom Hearts III, and started uploading images of the game’s packaging. […]

Crytek’s Hunt: Showdown isn’t one of those games that is setting the world on fire. But the two-person team shooter has a creepy setting and a cult following, and it was nice to see the game’s booth crowded at the recent TwitchCon event in San Jose, California. Hunt: Showdown is a good example of how […]